In an open distributed system, multiple applications generally run on several machines of different types. Cisco Syslog Analysis streamlines the management of such systems by providing a common administrative interface for all log messages received from the applications.

The result provides an orderly presentation of information that assists in the diagnosis and troubleshooting of system problems.

System Log Management Process

Although it can be adapted to other network management systems, Cisco Syslog Analysis, which is packaged with CiscoWorks2000 Resource Manager Essentials, provides the best method to manage Syslog messages from Cisco devices.

Cisco Syslog Analyzer serves as the component of Cisco Syslog Analysis that provides a common storage and analysis of the system log for multiple applications. The other major component, Syslog Analyzer Collector, gathers log messages from Cisco CallManager servers.

These two Cisco applications work together to provide a centralized system logging service for Cisco IP Telephony Solutions.

A diagram of the system (Figure 20-1) shows how the Syslog Analyzer and Syslog Collector function within the syslog analysis process.

Figure 20-1 Functional Components of the System Logging Service

CiscoWorks2000

Using CiscoWorks2000, you can configure and produce reports on the log messages collected from each Cisco CallManager device and other IP telephony devices.

CiscoWorks2000 provides a common system log for applications in the multihost and multiplatform Cisco IP Telephony Solutions environment. In addition, with help from SNMP, CiscoWorks2000 can also provide additional information on each device from which the log messages originate.

Adding a device to the CiscoWorks2000 device inventory database creates a new entry. Once the device is added to the list, CiscoWorks2000 gathers some device information using SNMP. You can easily read and use this information for system maintenance and problem solving.

Cisco Syslog Analyzer Collector

Syslog Analyzer Collector collects log messages from a Cisco CallManager server, or a cluster of servers, at any network installation (as shown in Figure 20-1). The service collects a wide range of significant event messages that reflect system status.

After validating the events or error messages collected, Syslog Analyzer Collector passes them to the Syslog Analyzer. When this process is complete, you can use Syslog Analyzer to analyze the log messages.

You can stop and start the Syslog Analyzer Collector service from the Windows 2000 Service Control Manager.

Cisco Syslog Analyzer

Cisco Syslog Analyzer, which resides on a CiscoWorks2000 server, receives the messages collected from multiple applications by the Syslog Analyzer Collector.

When a collection of data is received, the Cisco Syslog Analyzer parses and stores the results in the CiscoWorks2000 database. Use this interface to access and manage the data that is collected from the system managed devices.

Cisco CallManager Syslog Components

The following sections describe the Syslog messages and the SNMP extension agent: